S/MIME multipart/signed Message

4. Signed-data

4.8. S/MIME multipart/signed Message

: } : } : } 822 31 95: SET {

824 30 93: SEQUENCE { 826 02 1: INTEGER 3 829 80 20: [0]

: BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE : 13 01 E2 FD E3 97 FE CD

851 30 7: SEQUENCE {

853 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : (OIW)

: }

860 30 9: SEQUENCE {

862 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) : (ANSI X9.57 algorithm)

: }

871 04 46: OCTET STRING, encapsulates { 873 30 44: SEQUENCE {

875 02 20: INTEGER

: 6D 8E 5A CD 28 A0 1F D9 86 AD 7A E9 : DF AC D7 BE EC BE 3F F8

897 02 20: INTEGER

: 7C 8A 06 1E FC A4 41 35 7E F7 24 14 : FD 3D C0 56 B7 05 27 D5

: } : } : } : } : } : } : }

4.8. S/MIME multipart/signed Message

A full S/MIME message, including MIME, that includes the body part from 4.3 and the body containing the content of the message.

MIME-Version: 1.0 To: User2@examples.com From: aliceDss@examples.com Subject: Example 4.8

Message-Id: <020906002550300.249@examples.com>

Date: Fri, 06 Sep 2002 00:25:21 -0300 Content-Type: multipart/signed;

micalg=SHA1;

boundary="----=_NextBoundry____Fri,_06_Sep_2002_00:25:21";

protocol="application/pkcs7-signature"

This is a multi-part message in MIME format.

---=_NextBoundry____Fri,_06_Sep_2002_00:25:21 This is some sample content.

---=_NextBoundry____Fri,_06_Sep_2002_00:25:21

Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename=smime.p7s

MIIDdwYJKoZIhvcNAQcCoIIDaDCCA2QCAQExCTAHBgUrDgMCGjALBgkqhkiG9w0BBwGgggL gMIIC3DCCApugAwIBAgICAMgwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT k5MDgxNzAxMTA0OVoXDTM5MTIzMTIzNTk1OVowEzERMA8GA1UEAxMIQWxpY2VEU1MwggG2M IIBKwYHKoZIzjgEATCCAR4CgYEAgY3N7YPqCp45PsJIKKPkR5PdDteoDuxTxauECE//lOFz SH4M1vNESNH+n6+koYkv4dkwyDbeP5u/t0zcX2mK5HXQNwyRCJWb3qde+fz0ny/dQ6iLVPE /sAcIR01diMPDtbPjVQh11Tl2EMR4vf+dsISXN/LkURu15AmWXPN+W9sCFQDiR6YaRWa4E8 baj7g3IStii/eTzQKBgCY40BSJMqo5+z5t2UtZakx2IzkEAjVc8ssaMMMeUF3dm1nizaoFP VjAe6I2uG4Hr32KQiWn9HXPSgheSz6Q+G3qnMkhijt2FOnOLl2jB80jhbgvMAF8bUmJEYk2 RL34yJVKU1a14vlz7BphNh8Rf8K97dFQ/5h0wtGBSmA5ujY5A4GEAAKBgFzjuVp1FJYLqXr d4z+p7Kxe3L23ExE0phaJKBEj2TSGZ3V1ExI9Q1tv5VG/+onyohs+JH09B41bY8i7RaWgSu OF1s4GgD/oI34a8iSrUxq4Jw0e7wi/ZhSAXGKsZfoVi/G7NNTSljf2YUeyxDKE8H5BQP1Gp 2NOM/Kl4vTyg+W4o4GBMH8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwHwYDVR0j BBgwFoAUcEQ+gi5vh95K03XjPSC8QyuT8R8wHQYDVR0OBBYEFL5sobPjwfftQ3CkzhMB4v3 jl/7NMB8GA1UdEQQYMBaBFEFsaWNlRFNTQGV4YW1wbGUuY29tMAkGByqGSM44BAMDMAAwLQ IUVQykGR9CK4lxIjONg2q1PWdrv0UCFQCfYVNSVAtcst3a53Yd4hBSW0NevTFjMGECAQEwG DASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyDAHBgUrDgMCGjAJBgcqhkjOOAQDBC4wLAIUM/mG f6gkgp9Z0XtRdGimJeB/BxUCFGFFJqwYRt1WYcIOQoGiaowqGzVI

---=_NextBoundry____Fri,_06_Sep_2002_00:25:21--4.9. S/MIME application/pkcs7-mime Signed Message A full S/MIME message, including the MIME parts.

MIME-Version: 1.0 To: User2@examples.com From: aliceDss@examples.com Subject: Example 4.9

Message-Id: <021031164540300.304@examples.com>

Date: Thu, 31 Oct 2002 16:45:14 -0300

Content-Type: application/pkcs7-mime; smime-type=signed-data;

name=smime.p7m

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename=smime.p7m

MIIDmQYJKoZIhvcNAQcCoIIDijCCA4YCAQExCTAHBgUrDgMCGjAtBgkqhkiG9w0BBwGgIAQ eDQpUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuoIIC4DCCAtwwggKboAMCAQICAgDIMA kGByqGSM44BAMwEjEQMA4GA1UEAxMHQ2FybERTUzAeFw05OTA4MTcwMTEwNDlaFw0zOTEyM zEyMzU5NTlaMBMxETAPBgNVBAMTCEFsaWNlRFNTMIIBtjCCASsGByqGSM44BAEwggEeAoGB AIGNze2D6gqeOT7CSCij5EeT3Q7XqA7sU8WrhAhP/5Thc0h+DNbzREjR/p+vpKGJL+HZMMg 23j+bv7dM3F9piuR10DcMkQiVm96nXvn89J8v3UOoi1TxP7AHCEdNXYjDw7Wz41UIddU5dh DEeL3/nbCElzfy5FEbteQJllzzflvbAhUA4kemGkVmuBPG2o+4NyErYov3k80CgYAmONAUi TKqOfs+bdlLWWpMdiM5BAI1XPLLGjDDHlBd3ZtZ4s2qBT1YwHuiNrhuB699ikIlp/R1z0oI Xks+kPht6pzJIYo7dhTpzi5dowfNI4W4LzABfG1JiRGJNkS9+MiVSlNWteL5c+waYTYfEX/

Cve3RUP+YdMLRgUpgObo2OQOBhAACgYBc47ladRSWC6l63eM/qeysXty9txMRNKYWiSgRI9 k0hmd1dRMSPUNbb+VRv/qJ8qIbPiR9PQeNW2PIu0WloErjhdbOBoA/6CN+GvIkq1MauCcNH u8Iv2YUgFxirGX6FYvxuzTU0pY39mFHssQyhPB+QUD9RqdjTjPypeL08oPluKOBgTB/MAwG A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFHBEPoIub4feStN14z0 gvEMrk/EfMB0GA1UdDgQWBBS+bKGz48H37UNwpM4TAeL945f+zTAfBgNVHREEGDAWgRRBbG ljZURTU0BleGFtcGxlLmNvbTAJBgcqhkjOOAQDAzAAMC0CFFUMpBkfQiuJcSIzjYNqtT1na 79FAhUAn2FTUlQLXLLd2ud2HeIQUltDXr0xYzBhAgEBMBgwEjEQMA4GA1UEAxMHQ2FybERT UwICAMgwBwYFKw4DAhowCQYHKoZIzjgEAwQuMCwCFD1cSW6LIUFzeXle3YI5SKSBer/sAhQ mCq7s/CTFHOEjgASeUjbMpx5g6A==

4.10. SignedData with Attributes

A SignedData message with the following list of signedAttributes:

-unknown OID -contentHints -smimeCapablilties -securityLabel -ContentReference

-smimeEncryptKeyPreference -mlExpansionHistory

-EquivalentLabel 0 30 2047: SEQUENCE {

4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) : (PKCS #7)

15 A0 2032: [0] {

19 30 2028: SEQUENCE { 23 02 1: INTEGER 1 26 31 9: SET {

28 30 7: SEQUENCE {

30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : (OIW)

: } : }

37 30 43: SEQUENCE {

39 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) : (PKCS #7)

50 A0 30: [0] {

52 04 28: OCTET STRING ’This is some sample content.’

: } : } 82 A0 736: [0] {

86 30 732: SEQUENCE { 90 30 667: SEQUENCE { 94 A0 3: [0] {

96 02 1: INTEGER 2 : }

99 02 2: INTEGER 200 103 30 9: SEQUENCE {

105 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

114 30 18: SEQUENCE { 116 31 16: SET {

118 30 14: SEQUENCE {

120 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 125 13 7: PrintableString ’CarlDSS’

: } : } : }

134 30 30: SEQUENCE {

136 17 13: UTCTime ’990817011049Z’

151 17 13: UTCTime ’391231235959Z’

: }

166 30 19: SEQUENCE { 168 31 17: SET {

170 30 15: SEQUENCE {

172 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 177 13 8: PrintableString ’AliceDSS’

: } : } : }

187 30 438: SEQUENCE { 191 30 299: SEQUENCE {

195 06 7: OBJECT IDENTIFIER

: dsa (1 2 840 10040 4 1) : (ANSI X9.57 algorithm) 204 30 286: SEQUENCE {

208 02 129: INTEGER

: 00 81 8D CD ED 83 EA 0A 9E 39 3E C2 : 48 28 A3 E4 47 93 DD 0E D7 A8 0E EC : 53 C5 AB 84 08 4F FF 94 E1 73 48 7E : 0C D6 F3 44 48 D1 FE 9F AF A4 A1 89 : 2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C : DC 5F 69 8A E4 75 D0 37 0C 91 08 95 : 9B DE A7 5E F9 FC F4 9F 2F DD 43 A8 : 8B 54 F1 3F B0 07 08 47 4D 5D 88 C3 : C3 B5 B3 E3 55 08 75 D5 39 76 10 C4 : 78 BD FF 9D B0 84 97 37 F2 E4 51 1B : B5 E4 09 96 5C F3 7E 5B DB

340 02 21: INTEGER

: 00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F : B8 37 21 2B 62 8B F7 93 CD

363 02 128: INTEGER

: 26 38 D0 14 89 32 AA 39 FB 3E 6D D9 : 4B 59 6A 4C 76 23 39 04 02 35 5C F2 : CB 1A 30 C3 1E 50 5D DD 9B 59 E2 CD : AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF : 7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B : 3E 90 F8 6D EA 9C C9 21 8A 3B 76 14 : E9 CE 2E 5D A3 07 CD 23 85 B8 2F 30 : 01 7C 6D 49 89 11 89 36 44 BD F8 C8 : 95 4A 53 56 B5 E2 F9 73 EC 1A 61 36 : 1F 11 7F C2 BD ED D1 50 FF 98 74 C2 : D1 81 4A 60 39 BA 36 39

: } : }

494 03 132: BIT STRING 0 unused bits, encapsulates { 498 02 128: INTEGER

: 5C E3 B9 5A 75 14 96 0B A9 7A DD E3 : 3F A9 EC AC 5E DC BD B7 13 11 34 A6 : 16 89 28 11 23 D9 34 86 67 75 75 13 : 12 3D 43 5B 6F E5 51 BF FA 89 F2 A2 : 1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45 : A5 A0 4A E3 85 D6 CE 06 80 3F E8 23 : 7E 1A F2 24 AB 53 1A B8 27 0D 1E EF : 08 BF 66 14 80 5C 62 AC 65 FA 15 8B : F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4 : 32 84 F0 7E 41 40 FD 46 A7 63 4E 33 : F2 A5 E2 F4 F2 83 E5 B8

: } : } 629 A3 129: [3] {

632 30 127: SEQUENCE { 634 30 12: SEQUENCE {

636 06 3: OBJECT IDENTIFIER

: basicConstraints (2 5 29 19) : (X.509 id-ce (2 5 29))

641 01 1: BOOLEAN TRUE

644 04 2: OCTET STRING, encapsulates { 646 30 0: SEQUENCE {}

: } : }

648 30 14: SEQUENCE {

650 06 3: OBJECT IDENTIFIER : keyUsage (2 5 29 15) : (X.509 id-ce (2 5 29)) 655 01 1: BOOLEAN TRUE

658 04 4: OCTET STRING, encapsulates { 660 03 2: BIT STRING 6 unused bits : ’11’B

: } : }

664 30 31: SEQUENCE {

666 06 3: OBJECT IDENTIFIER

: authorityKeyIdentifier (2 5 29 35) : (X.509 id-ce (2 5 29))

671 04 24: OCTET STRING, encapsulates { 673 30 22: SEQUENCE {

675 80 20: [0]

: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 : 3D 20 BC 43 2B 93 F1 1F

: } : } : }

697 30 29: SEQUENCE {

699 06 3: OBJECT IDENTIFIER

: subjectKeyIdentifier (2 5 29 14) : (X.509 id-ce (2 5 29))

704 04 22: OCTET STRING, encapsulates { 706 04 20: OCTET STRING

: BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE : 13 01 E2 FD E3 97 FE CD

: } : }

728 30 31: SEQUENCE {

730 06 3: OBJECT IDENTIFIER

: subjectAltName (2 5 29 17) : (X.509 id-ce (2 5 29)) 735 04 24: OCTET STRING, encapsulates { 737 30 22: SEQUENCE {

739 81 20: [1] ’AliceDSS@example.com’

: } : }

: } : } : } : }

761 30 9: SEQUENCE {

763 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

772 03 48: BIT STRING 0 unused bits, encapsulates { 775 30 45: SEQUENCE {

777 02 20: INTEGER

: 55 0C A4 19 1F 42 2B 89 71 22 33 8D : 83 6A B5 3D 67 6B BF 45

799 02 21: INTEGER

: 00 9F 61 53 52 54 0B 5C B2 DD DA E7 : 76 1D E2 10 52 5B 43 5E BD

: } : } : } : } 822 31 1225: SET {

826 30 1221: SEQUENCE { 830 02 1: INTEGER 1 833 30 24: SEQUENCE { 835 30 18: SEQUENCE { 837 31 16: SET {

839 30 14: SEQUENCE {

841 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 846 13 7: PrintableString ’CarlDSS’

: } : } : }

855 02 2: INTEGER 200 : }

859 30 7: SEQUENCE {

861 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : (OIW)

: } 868 A0 1119: [0] {

872 30 24: SEQUENCE {

874 06 9: OBJECT IDENTIFIER

: contentType (1 2 840 113549 1 9 3) : (PKCS #9 (1 2 840 113549 1 9)) 885 31 11: SET {

887 06 9: OBJECT IDENTIFIER

: data (1 2 840 113549 1 7 1) : (PKCS #7)

: } : }

898 30 35: SEQUENCE {

900 06 9: OBJECT IDENTIFIER

: messageDigest (1 2 840 113549 1 9 4) : (PKCS #9 (1 2 840 113549 1 9))

911 31 22: SET {

913 04 20: OCTET STRING

: 40 6A EC 08 52 79 BA 6E 16 02 2D 9E : 06 29 C0 22 96 87 DD 48

: } : }

935 30 56: SEQUENCE {

937 06 3: OBJECT IDENTIFIER ’1 2 5555’

942 31 49: SET {

944 04 47: OCTET STRING

: ’This is a test General ASN Attribut’

: ’e, number 1.’

: } : }

993 30 62: SEQUENCE {

995 06 11: OBJECT IDENTIFIER : id-aa-contentHint

: (1 2 840 113549 1 9 16 2 4) : (S/MIME Authenticated Attributes : (1 2 840 113549 1 9 16 2)) 1008 31 47: SET {

1010 30 45: SEQUENCE { 1012 0C 32: UTF8String

: ’Content Hints Description Buffer’

1046 06 9: OBJECT IDENTIFIER

: data (1 2 840 113549 1 7 1) : (PKCS #7)

: } : } : }

1057 30 74: SEQUENCE {

1059 06 9: OBJECT IDENTIFIER : sMIMECapabilities

: (1 2 840 113549 1 9 15) : (PKCS #9

: (1 2 840 113549 1 9)) 1070 31 61: SET {

1072 30 59: SEQUENCE { 1074 30 7: SEQUENCE {

1076 06 5: OBJECT IDENTIFIER ’1 2 3 4 5 6’

: }

1083 30 48: SEQUENCE {

1085 06 6: OBJECT IDENTIFIER ’1 2 3 4 5 6 77’

1093 04 38: OCTET STRING

: ’Smime Capabilities parameters buffe’

: ’r 2’

: } : } : } : }

1133 30 109: SEQUENCE {

1135 06 11: OBJECT IDENTIFIER : id-aa-securityLabel

: (1 2 840 113549 1 9 16 2 2) : (S/MIME Authenticated Attributes : (1 2 840 113549 1 9 16 2)) 1148 31 94: SET {

1150 31 92: SET {

1152 02 1: INTEGER 1

1155 06 7: OBJECT IDENTIFIER ’1 2 3 4 5 6 7 8’

1164 13 27: PrintableString

: ’THIS IS A PRIVACY MARK TEST’

1193 31 49: SET {

1195 30 47: SEQUENCE { 1197 80 8: [0]

: 2A 03 04 05 06 07 86 78 1207 A1 35: [1] {

1209 13 33: PrintableString

: ’THIS IS A TEST SECURITY-’

: ’CATEGORY.’

: } : } : } : } : } : }

1244 30 111: SEQUENCE {

1246 06 11: OBJECT IDENTIFIER

: id-aa-contentReference

: (1 2 840 113549 1 9 16 2 10) : (S/MIME Authenticated Attributes : (1 2 840 113549 1 9 16 2)) 1259 31 96: SET {

1261 30 94: SEQUENCE {

1263 06 5: OBJECT IDENTIFIER ’1 2 3 4 5 6’

1270 04 43: OCTET STRING

: ’Content Reference Content Identifie’

: ’r Buffer’

1315 04 40: OCTET STRING

: ’Content Reference Signature Value B’

: ’uffer’

: } : } : }

1357 30 115: SEQUENCE {

1359 06 11: OBJECT IDENTIFIER : id-aa-encrypKeyPref

: (1 2 840 113549 1 9 16 2 11) : (S/MIME Authenticated Attributes : (1 2 840 113549 1 9 16 2)) 1372 31 100: SET {

1374 A0 98: [0] {

1376 30 90: SEQUENCE { 1378 31 11: SET {

1380 30 9: SEQUENCE {

1382 06 3: OBJECT IDENTIFIER

: countryName (2 5 4 6) : (X.520 id-at (2 5 4)) 1387 13 2: PrintableString ’US’

: } : } 1391 31 22: SET {

1393 30 20: SEQUENCE {

1395 06 3: OBJECT IDENTIFIER

: organizationName (2 5 4 10) : (X.520 id-at (2 5 4))

1400 13 13: PrintableString ’US Government’

: } : } 1415 31 17: SET {

1417 30 15: SEQUENCE {

1419 06 3: OBJECT IDENTIFIER

: organizationalUnitName : (2 5 4 11)

: (X.520 id-at (2 5 4)) 1424 13 8: PrintableString ’VDA Site’

: } : } 1434 31 12: SET {

1436 30 10: SEQUENCE {

1438 06 3: OBJECT IDENTIFIER

: organizationalUnitName : (2 5 4 11)

: (X.520 id-at (2 5 4)) 1443 13 3: PrintableString ’VDA’

: }

: } 1448 31 18: SET {

1450 30 16: SEQUENCE {

1452 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 1457 13 9: PrintableString ’Daisy RSA’

: } : } : }

1468 02 4: INTEGER 173360179 : }

: } : }

1474 30 252: SEQUENCE {

1477 06 11: OBJECT IDENTIFIER

: id-aa-mlExpandHistory

: (1 2 840 113549 1 9 16 2 3) : (S/MIME Authenticated Attributes : (1 2 840 113549 1 9 16 2)) 1490 31 236: SET {

1493 30 233: SEQUENCE { 1496 30 230: SEQUENCE {

1499 04 7: OCTET STRING ’5738299’

1508 18 15: GeneralizedTime ’19990311104433Z’

1525 A1 201: [1] {

1528 30 198: SEQUENCE { 1531 A4 97: [4] {

1533 30 95: SEQUENCE { 1535 31 11: SET {

1537 30 9: SEQUENCE {

1539 06 3: OBJECT IDENTIFIER

: countryName (2 5 4 6) : (X.520 id-at (2 5 4)) 1544 13 2: PrintableString ’US’

: } : } 1548 31 22: SET {

1550 30 20: SEQUENCE {

1552 06 3: OBJECT IDENTIFIER : organizationName : (2 5 4 10)

: (X.520 id-at (2 5 4)) 1557 13 13: PrintableString

: ’US Government’

: } : } 1572 31 17: SET {

1574 30 15: SEQUENCE {

1576 06 3: OBJECT IDENTIFIER

: organizationalUnitName : (2 5 4 11)

: (X.520 id-at (2 5 4)) 1581 13 8: PrintableString

: ’VDA Site’

: } : } 1591 31 12: SET {

1593 30 10: SEQUENCE {

1595 06 3: OBJECT IDENTIFIER

: organizationalUnitName : (2 5 4 11)

: (X.520 id-at (2 5 4)) 1600 13 3: PrintableString ’VDA’

: } : } 1605 31 23: SET {

1607 30 21: SEQUENCE {

1609 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 1614 13 14: PrintableString

: ’Bugs Bunny DSA’

: } : } : } : } 1630 A4 97: [4] {

1632 30 95: SEQUENCE { 1634 31 11: SET {

1636 30 9: SEQUENCE {

1638 06 3: OBJECT IDENTIFIER

: countryName (2 5 4 6) : (X.520 id-at (2 5 4)) 1643 13 2: PrintableString ’US’

: } : } 1647 31 22: SET {

1649 30 20: SEQUENCE {

1651 06 3: OBJECT IDENTIFIER : organizationName : (2 5 4 10)

: (X.520 id-at (2 5 4)) 1656 13 13: PrintableString

: ’US Government’

: }

: } 1671 31 17: SET {

1673 30 15: SEQUENCE {

1675 06 3: OBJECT IDENTIFIER

: organizationalUnitName : (2 5 4 11)

: (X.520 id-at (2 5 4)) 1680 13 8: PrintableString

: ’VDA Site’

: } : } 1690 31 12: SET {

1692 30 10: SEQUENCE {

1694 06 3: OBJECT IDENTIFIER

: organizationalUnitName : (2 5 4 11)

: (X.520 id-at (2 5 4)) 1699 13 3: PrintableString ’VDA’

: } : } 1704 31 23: SET {

1706 30 21: SEQUENCE {

1708 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 1713 13 14: PrintableString

: ’Elmer Fudd DSA’

: } : } : } : } : } : } : } : } : } : }

1729 30 258: SEQUENCE {

1733 06 11: OBJECT IDENTIFIER

: id-aa-equivalentLabels

: (1 2 840 113549 1 9 16 2 9) : (S/MIME Authenticated Attributes : (1 2 840 113549 1 9 16 2)) 1746 31 242: SET {

1749 30 239: SEQUENCE { 1752 31 114: SET {

1754 02 1: INTEGER 1

1757 06 7: OBJECT IDENTIFIER ’1 2 3 4 5 6 7 9’

1766 13 38: PrintableString

: ’EQUIVALENT THIS IS A PRIVACY MARK T’

: ’EST’

1806 31 60: SET {

1808 30 58: SEQUENCE { 1810 80 8: [0]

: 2A 03 04 05 06 07 86 78 1820 A1 46: [1] {

1822 13 44: PrintableString

: ’EQUIVALENT THIS IS A TEST SECURITY-’

: ’CATEGORY.’

: } : } : } : } 1868 31 121: SET {

1870 02 1: INTEGER 1

1873 06 7: OBJECT IDENTIFIER : ’1 2 3 4 5 6 7 10’

1882 13 45: PrintableString

: ’EQUIVALENT THIS IS A SECOND PRIVACY’

: ’ MARK TEST’

1929 31 60: SET {

1931 30 58: SEQUENCE { 1933 80 8: [0]

: 2A 03 04 05 06 07 86 78 1943 A1 46: [1] {

1945 13 44: PrintableString

: ’EQUIVALENT THIS IS A TEST SECURITY-’

: ’CATEGORY.’

: } : } : } : } : } : } : } : }

1991 30 9: SEQUENCE {

1993 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

2002 04 47: OCTET STRING, encapsulates { 2004 30 45: SEQUENCE {

2006 02 21: INTEGER

: 00 BC 33 37 65 C4 F7 70 5C 17 49 13 : AA 4C 85 CA BB 52 91 48 59

2029 02 20: INTEGER

: 63 96 A2 14 8B CF 57 DE B0 48 5F 6C : 64 DD 84 04 49 5F 1C CA

: } : } : } : } : } : } : }

4.11. SignedData with Certificates Only

CA SignedData message with no content or signature, containing only Alices’s and Carl’s certificates.

0 30 1672: SEQUENCE {

4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) : (PKCS #7)

15 A0 1657: [0] {

19 30 1653: SEQUENCE { 23 02 1: INTEGER 1 26 31 0: SET {}

28 30 11: SEQUENCE {

30 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) : (PKCS #7)

: } 41 A0 1407: [0] {

45 30 667: SEQUENCE { 49 30 602: SEQUENCE { 53 A0 3: [0] {

55 02 1: INTEGER 2 : }

58 02 1: INTEGER 1 61 30 9: SEQUENCE {

63 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

72 30 18: SEQUENCE { 74 31 16: SET {

76 30 14: SEQUENCE {

78 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 83 13 7: PrintableString ’CarlDSS’

: } : }

: }

92 30 30: SEQUENCE {

94 17 13: UTCTime ’990816225050Z’

109 17 13: UTCTime ’391231235959Z’

: }

124 30 18: SEQUENCE { 126 31 16: SET {

128 30 14: SEQUENCE {

130 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 135 13 7: PrintableString ’CarlDSS’

: } : } : }

144 30 439: SEQUENCE { 148 30 299: SEQUENCE {

152 06 7: OBJECT IDENTIFIER

: dsa (1 2 840 10040 4 1) : (ANSI X9.57 algorithm) 161 30 286: SEQUENCE {

165 02 129: INTEGER

: 00 B6 49 18 3E 8A 44 C1 29 71 94 4C : 01 C4 12 C1 7A 79 CB 54 4D AB 1E 81 : FB C6 4C B3 0E 94 09 06 EB 01 D4 B1 : C8 71 4B C7 45 C0 50 25 5D 9C FC DA : E4 6D D3 E2 86 48 84 82 7D BA 15 95 : 4A 16 F6 46 ED DD F6 98 D2 BB 7E 8A : 0A 8A BA 16 7B B9 50 01 48 93 8B EB : 25 15 51 97 55 DC 8F 53 0E 10 A9 50 : FC 70 B7 CD 30 54 FD DA DE A8 AA 22 : B5 A1 AF 8B CC 02 88 E7 8B 70 5F B9 : AD E1 08 D4 6D 29 2D D6 E9

297 02 21: INTEGER

: 00 DD C1 2F DF 53 CE 0B 34 60 77 3E : 02 A4 BF 8A 5D 98 B9 10 D5

320 02 128: INTEGER

: 0C EE 57 9B 4B BD DA B6 07 6A 74 37 : 4F 55 7F 9D ED BC 61 0D EB 46 59 3C : 56 0B 2B 5B 0C 91 CE A5 62 52 69 CA : E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C : AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 : 87 0B C7 CD F0 1C D9 B5 4E 5D 73 DE : AF 0E C9 1D 5A 51 F5 4F 44 79 35 5A : 73 AA 7F 46 51 1F A9 42 16 9C 48 EB : 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 : B8 A3 58 06 25 F8 29 C0 EF BA E0 75 : F0 42 C4 63 65 52 9B 0A

: } : }

451 03 133: BIT STRING 0 unused bits, encapsulates { 455 02 129: INTEGER

: 00 99 87 74 27 03 66 A0 B1 C0 AD DC : 2C 75 BB E1 6C 44 9C DA 21 6D 4D 47 : 6D B1 62 09 E9 D8 AE 1E F2 3A B4 94 : B1 A3 8E 7A 9B 71 4E 00 94 C9 B4 25 : 4E B9 60 96 19 24 01 F3 62 0C FE 75 : C0 FB CE D8 68 00 E3 FD D5 70 4F DF : 23 96 19 06 94 F4 B1 61 8F 3A 57 B1 : 08 11 A4 0B 26 25 F0 52 76 81 EA 0B : 62 0D 95 2A E6 86 BA 72 B2 A7 50 83 : 0B AA 27 CD 1B A9 4D 89 9A D7 8D 18 : 39 84 3F 8B C5 56 4D 80 7A

: } : } 587 A3 66: [3] {

589 30 64: SEQUENCE { 591 30 15: SEQUENCE {

593 06 3: OBJECT IDENTIFIER

: basicConstraints (2 5 29 19) : (X.509 id-ce (2 5 29))

598 01 1: BOOLEAN TRUE

601 04 5: OCTET STRING, encapsulates { 603 30 3: SEQUENCE {

605 01 1: BOOLEAN TRUE : }

: } : }

608 30 14: SEQUENCE {

610 06 3: OBJECT IDENTIFIER : keyUsage (2 5 29 15) : (X.509 id-ce (2 5 29)) 615 01 1: BOOLEAN TRUE

618 04 4: OCTET STRING, encapsulates { 620 03 2: BIT STRING 1 unused bits : ’1100001’B

: } : }

624 30 29: SEQUENCE {

626 06 3: OBJECT IDENTIFIER

: subjectKeyIdentifier (2 5 29 14) : (X.509 id-ce (2 5 29))

631 04 22: OCTET STRING, encapsulates { 633 04 20: OCTET STRING

: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 : 3D 20 BC 43 2B 93 F1 1F

: } : } : } : } : }

655 30 9: SEQUENCE {

657 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

666 03 48: BIT STRING 0 unused bits, encapsulates { 669 30 45: SEQUENCE {

671 02 20: INTEGER

: 6B A9 F0 4E 7A 5A 79 E3 F9 BE 3D 2B : C9 06 37 E9 11 17 A1 13

693 02 21: INTEGER

: 00 8F 34 69 2A 8B B1 3C 03 79 94 32 : 4D 12 1F CE 89 FB 46 B2 3B

: } : } : }

716 30 732: SEQUENCE { 720 30 667: SEQUENCE { 724 A0 3: [0] {

726 02 1: INTEGER 2 : }

729 02 2: INTEGER 200 733 30 9: SEQUENCE {

735 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

744 30 18: SEQUENCE { 746 31 16: SET {

748 30 14: SEQUENCE {

750 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 755 13 7: PrintableString ’CarlDSS’

: } : } : }

764 30 30: SEQUENCE {

766 17 13: UTCTime ’990817011049Z’

781 17 13: UTCTime ’391231235959Z’

: }

796 30 19: SEQUENCE { 798 31 17: SET {

800 30 15: SEQUENCE {

802 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 807 13 8: PrintableString ’AliceDSS’

: } : } : }

817 30 438: SEQUENCE { 821 30 299: SEQUENCE {

825 06 7: OBJECT IDENTIFIER

: dsa (1 2 840 10040 4 1) : (ANSI X9.57 algorithm) 834 30 286: SEQUENCE {

838 02 129: INTEGER

970 02 21: INTEGER

: 00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F : B8 37 21 2B 62 8B F7 93 CD

993 02 128: INTEGER

: } : }

1124 03 132: BIT STRING 0 unused bits, encapsulates { 1128 02 128: INTEGER

: 5C E3 B9 5A 75 14 96 0B A9 7A DD E3 : 3F A9 EC AC 5E DC BD B7 13 11 34 A6 : 16 89 28 11 23 D9 34 86 67 75 75 13

: 12 3D 43 5B 6F E5 51 BF FA 89 F2 A2 : 1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45 : A5 A0 4A E3 85 D6 CE 06 80 3F E8 23 : 7E 1A F2 24 AB 53 1A B8 27 0D 1E EF : 08 BF 66 14 80 5C 62 AC 65 FA 15 8B : F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4 : 32 84 F0 7E 41 40 FD 46 A7 63 4E 33 : F2 A5 E2 F4 F2 83 E5 B8

: } : } 1259 A3 129: [3] {

1262 30 127: SEQUENCE { 1264 30 12: SEQUENCE {

1266 06 3: OBJECT IDENTIFIER

: basicConstraints (2 5 29 19) : (X.509 id-ce (2 5 29))

1271 01 1: BOOLEAN TRUE

1274 04 2: OCTET STRING, encapsulates { 1276 30 0: SEQUENCE {}

: } : }

1278 30 14: SEQUENCE {

1280 06 3: OBJECT IDENTIFIER : keyUsage (2 5 29 15) : (X.509 id-ce (2 5 29)) 1285 01 1: BOOLEAN TRUE

1288 04 4: OCTET STRING, encapsulates { 1290 03 2: BIT STRING 6 unused bits : ’11’B

: } : }

1294 30 31: SEQUENCE {

1296 06 3: OBJECT IDENTIFIER

: authorityKeyIdentifier (2 5 29 35) : (X.509 id-ce (2 5 29))

1301 04 24: OCTET STRING, encapsulates { 1303 30 22: SEQUENCE {

1305 80 20: [0]

: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 : 3D 20 BC 43 2B 93 F1 1F

: } : } : }

1327 30 29: SEQUENCE {

1329 06 3: OBJECT IDENTIFIER

: subjectKeyIdentifier (2 5 29 14) : (X.509 id-ce (2 5 29))

1334 04 22: OCTET STRING, encapsulates {

1336 04 20: OCTET STRING

: BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE : 13 01 E2 FD E3 97 FE CD

: } : }

1358 30 31: SEQUENCE {

1360 06 3: OBJECT IDENTIFIER

: subjectAltName (2 5 29 17) : (X.509 id-ce (2 5 29)) 1365 04 24: OCTET STRING, encapsulates { 1367 30 22: SEQUENCE {

1369 81 20: [1] ’AliceDSS@example.com’

: } : } : } : } : } : }

1391 30 9: SEQUENCE {

1393 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

1402 03 48: BIT STRING 0 unused bits, encapsulates { 1405 30 45: SEQUENCE {

1407 02 20: INTEGER

: 55 0C A4 19 1F 42 2B 89 71 22 33 8D : 83 6A B5 3D 67 6B BF 45

1429 02 21: INTEGER

: 00 9F 61 53 52 54 0B 5C B2 DD DA E7 : 76 1D E2 10 52 5B 43 5E BD

: } : } : } : } 1452 A1 219: [1] {

1455 30 216: SEQUENCE { 1458 30 153: SEQUENCE { 1461 30 9: SEQUENCE {

1463 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

1472 30 18: SEQUENCE { 1474 31 16: SET {

1476 30 14: SEQUENCE {

1478 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3)

: (X.520 id-at (2 5 4)) 1483 13 7: PrintableString ’CarlDSS’

: } : } : }

1492 17 13: UTCTime ’990827070000Z’

1507 30 105: SEQUENCE { 1509 30 19: SEQUENCE { 1511 02 2: INTEGER 200

1515 17 13: UTCTime ’990822070000Z’

: }

1530 30 19: SEQUENCE { 1532 02 2: INTEGER 201

1536 17 13: UTCTime ’990822070000Z’

: }

1551 30 19: SEQUENCE { 1553 02 2: INTEGER 211

1557 17 13: UTCTime ’990822070000Z’

: }

1572 30 19: SEQUENCE { 1574 02 2: INTEGER 210

1578 17 13: UTCTime ’990822070000Z’

: }

1593 30 19: SEQUENCE { 1595 02 2: INTEGER 212

1599 17 13: UTCTime ’990824070000Z’

: } : } : }

1614 30 9: SEQUENCE {

1616 06 7: OBJECT IDENTIFIER

: dsaWithSha1 (1 2 840 10040 4 3) : (ANSI X9.57 algorithm)

: }

1625 03 47: BIT STRING 0 unused bits, encapsulates { 1628 30 44: SEQUENCE {

1630 02 20: INTEGER

: 7E 65 52 76 33 FE 34 73 17 D1 F7 96 : F9 A0 D4 D8 6D 5C 7D 3D

1652 02 20: INTEGER

: 02 7A 5B B7 D5 5B 18 C1 CF 87 EF 7E : DA 24 F3 2A 83 9C 35 A1

: } : } : } : } 1674 31 0: SET {}

: }

: } : } 5. Enveloped-data

5.1. Basic Encrypted Content, TripleDES and RSA

An EnvelopedData from Alice to Bob of ExContent using TripleDES for encrypting and RSA for key management. Does not have an

OriginatorInfo.

0 30 286: SEQUENCE {

4 06 9: OBJECT IDENTIFIER

: envelopedData (1 2 840 113549 1 7 3) : (PKCS #7)

15 A0 271: [0] {

19 30 267: SEQUENCE { 23 02 1: INTEGER 0 26 31 192: SET {

29 30 189: SEQUENCE { 32 02 1: INTEGER 0 35 30 38: SEQUENCE { 37 30 18: SEQUENCE { 39 31 16: SET {

41 30 14: SEQUENCE {

43 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 48 13 7: PrintableString ’CarlRSA’

: } : } : } 57 02 16: INTEGER

: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E : CD 5D 71 D0

: }

75 30 13: SEQUENCE {

77 06 9: OBJECT IDENTIFIER

: rsaEncryption (1 2 840 113549 1 1 1) : (PKCS #1)

88 05 0: NULL : }

90 04 128: OCTET STRING

: 0B 71 0D E6 71 88 88 98 B6 96 C1 8F : 70 FD A2 27 DE DA E1 EF 24 6C A4 33 : DF AC E0 E9 9D A2 D3 2C 7A CD 80 B8 : 99 9E E6 5F B1 41 B3 72 16 83 E7 FA : 2A 00 8B C7 73 35 78 26 D6 C7 CF 8C

: 0C 56 DB A5 76 9D 08 38 0E F3 F9 D4 : 91 43 58 78 DC 49 B6 EC EE 6C 68 33 : A3 21 1D F0 28 78 1F F7 5D F6 07 73 : 4D DF AD 69 31 20 4B 48 A9 75 22 6E : 36 79 15 63 8F CC EB 9D A3 28 A1 D1 : 2C 57 F4 DA 1A 2C 75 1F

: } : }

221 30 67: SEQUENCE {

223 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) : (PKCS #7)

234 30 20: SEQUENCE {

236 06 8: OBJECT IDENTIFIER

: des-EDE3-CBC (1 2 840 113549 3 7) : (RSADSI encryptionAlgorithm

: (1 2 840 113549 3)) 246 04 8: OCTET STRING

: 2D 68 C5 E9 47 06 51 35 : }

256 80 32: [0]

: 0E C8 92 7F C6 7D 3F 8D CB AD 8E 0E : C5 49 3A EB 47 2E D6 55 DE 09 21 4E : 48 EA 4E 27 B1 6E 57 25

: } : } : } : }

5.2. Basic Encrypted Content, RC2/128 and RSA

Same as 5.1, except using RC2/128 for encryption and RSA for key management. An EnvelopedData from Alice to Bob of ExContent using RC2/40 for encrypting and RSA for key management. Does not have an OriginatorInfo or any attributes.

0 30 291: SEQUENCE {

4 06 9: OBJECT IDENTIFIER

: envelopedData (1 2 840 113549 1 7 3) : (PKCS #7)

15 A0 276: [0] {

19 30 272: SEQUENCE { 23 02 1: INTEGER 0 26 31 192: SET {

29 30 189: SEQUENCE { 32 02 1: INTEGER 0 35 30 38: SEQUENCE { 37 30 18: SEQUENCE { 39 31 16: SET {

41 30 14: SEQUENCE {

43 06 3: OBJECT IDENTIFIER : commonName (2 5 4 3) : (X.520 id-at (2 5 4)) 48 13 7: PrintableString ’CarlRSA’

: } : } : } 57 02 16: INTEGER

: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E : CD 5D 71 D0

: }

75 30 13: SEQUENCE {

77 06 9: OBJECT IDENTIFIER

: rsaEncryption (1 2 840 113549 1 1 1) : (PKCS #1)

88 05 0: NULL : }

90 04 128: OCTET STRING

: 85 42 BE E3 0B 2E E5 0F 09 AA 24 CA : DE DA C1 D3 09 B8 27 2B 25 CB D5 71 : FB C9 9C DB F0 B2 6E A0 8A 5F 1C 9D : 4A ED 98 9D 15 39 26 01 1A 2E 6B F0 : 44 39 89 37 3C 6F C7 4A 61 0B 0B 27 : 77 AA F9 D4 97 A4 D2 21 3F C2 3F 20 : D4 DC 10 E9 D6 3F 00 DB 9C 82 47 D6 : 7E 96 FF 12 6E 87 84 A0 BA ED 81 0F : 56 6D A6 1D EB AB C3 B7 A1 B9 F8 5F : 8B CC 1B 4A E5 14 36 06 61 D0 C7 64 : 5F 69 67 91 A9 50 EE D8

: } : }

221 30 72: SEQUENCE {

223 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) : (PKCS #7)

234 30 25: SEQUENCE {

236 06 8: OBJECT IDENTIFIER rc2CBC (1 2 840 113549 3 2) : (RSADSI encryptionAlgorithm

: (1 2 840 113549 3)) 246 30 13: SEQUENCE {

248 02 1: INTEGER 58 251 04 8: OCTET STRING

: E8 70 81 E2 EF C5 15 57 : }

: } 261 80 32: [0]

: 06 53 0A 7B 8D 5C 16 0D CC D5 76 D6 : 8B 59 D6 45 8C 1A 1A 0C E6 1E F3 DE

: 43 56 00 9B 40 8C 38 5D : }

: } : } : }

5.3. S/MIME application/pkcs7-mime Encrypted Message

A full S/MIME message, including MIME, that includes the body part from 5.1.

MIME-Version: 1.0

Message-Id: <00103112005203.00349@amyemily.ig.com>

Date: Tue, 31 Oct 2000 12:00:52 -0600 (Central Standard Time) From: User1

To: User2

Subject: Example 5.3

Content-Type: application/pkcs7-mime;

name=smime.p7m;

smime-type=enveloped-data Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename=smime.p7m

MIIBHgYJKoZIhvcNAQcDoIIBDzCCAQsCAQAxgcAwgb0CAQAwJjASMRAwDgYDVQQDEwdDYXJ sUlNBAhBGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUABIGAC3EN5nGIiJi2lsGPcP 2iJ97a4e8kbKQz36zg6Z2i0yx6zYC4mZ7mX7FBs3IWg+f6KgCLx3M1eCbWx8+MDFbbpXadC DgO8/nUkUNYeNxJtuzubGgzoyEd8Ch4H/dd9gdzTd+taTEgS0ipdSJuNnkVY4/M652jKKHR LFf02hosdR8wQwYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgtaMXpRwZRNYAgDsiSf8Z9P43 LrY4OxUk660cu1lXeCSFOSOpOJ7FuVyU=

6. Digested-data

A DigestedData from Alice to Bob of ExContent using SHA-1.

0 30 94: SEQUENCE {

2 06 9: OBJECT IDENTIFIER digestedData (1 2 840 113549 1 7 5) : (PKCS #7)

13 A0 81: [0] {

15 30 79: SEQUENCE { 17 02 1: INTEGER 0 20 30 7: SEQUENCE {

22 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : (OIW)

: }

29 30 43: SEQUENCE {

31 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) : (PKCS #7)

42 A0 30: [0] {

44 04 28: OCTET STRING ’This is some sample content.’

: } : }

74 04 20: OCTET STRING

: 40 6A EC 08 52 79 BA 6E 16 02 2D 9E : 06 29 C0 22 96 87 DD 48

: } : } : } 7. Encrypted-data

7.1. Simple EncryptedData

An EncryptedData from Alice to Bob of ExContent with no attributes.

0 30 87: SEQUENCE {

2 06 9: OBJECT IDENTIFIER

: encryptedData (1 2 840 113549 1 7 6) : (PKCS #7)

13 A0 74: [0] {

15 30 72: SEQUENCE { 17 02 1: INTEGER 0 20 30 67: SEQUENCE {

22 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) : (PKCS #7)

33 30 20: SEQUENCE {

35 06 8: OBJECT IDENTIFIER

: des-EDE3-CBC (1 2 840 113549 3 7) : (RSADSI encryptionAlgorithm

: (1 2 840 113549 3)) 45 04 8: OCTET STRING

: B3 6B 6B FB 62 31 08 4E : }

55 80 32: [0]

: FA FC ED DB 3F 18 17 1D 38 89 11 EA : 34 D6 20 DB F4 C3 D9 58 15 EF 93 3B : 9A F5 D7 04 F6 B5 70 E2

: } : } : } : } The TripleDES key is:

73 7c 79 1f 25 ea d0 e0 46 29 25 43 52 f7 dc 62 91 e5 cb 26 91 7a da 32

7.2. EncryptedData with Unprotected Attributes

An EncryptedData from Alice to Bob of ExContent with unprotected attributes.

0 30 149: SEQUENCE {

3 06 9: OBJECT IDENTIFIER

: encryptedData (1 2 840 113549 1 7 6) : (PKCS #7)

14 A0 135: [0] {

17 30 132: SEQUENCE { 20 02 1: INTEGER 2 23 30 67: SEQUENCE {

25 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) : (PKCS #7)

36 30 20: SEQUENCE {

38 06 8: OBJECT IDENTIFIER

: des-EDE3-CBC (1 2 840 113549 3 7) : (RSADSI encryptionAlgorithm

: (1 2 840 113549 3)) 48 04 8: OCTET STRING

: 07 27 20 85 90 9E B0 7E : }

58 80 32: [0]

: D2 20 8F 67 48 8A CB 41 E4 22 68 5D : BE 77 05 52 26 ED E3 01 BD 00 91 58 : A7 35 6E BC 4B A2 07 33

: } 92 A1 58: [1] {

94 30 56: SEQUENCE {

96 06 3: OBJECT IDENTIFIER ’1 2 5555’

101 31 49: SET {

103 04 47: OCTET STRING

: ’This is a test General ASN Attribut’

: ’e, number 1.’

: } : } : } : } : } : }

8. Security Considerations

Because this document shows examples of S/MIME and CMS messages, this document also inherits all of the security considerations from

[SMIME-MSG] and [CMS].

The Perl script in Appendix A writes to the user’s local hard drive.

A malicious attacker could modify the Perl script in this document.

Be sure to read the Perl code carefully before executing it.

9. References

9.1. Normative References

[CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852, July 2004.

[PKIX] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and

Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.

[SMIME-MSG] Ramsdell, B., "Secure/Multipurpose Internet Mail

Extensions (S/MIME) Version 3.1 Message Specification", RFC 3851, July 2004.

9.2. Informative References

[DVCS] Adams, C., Sylvester, P., Zolotarev, M., and R.

Zuccherato, "Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols", RFC 3029, February 2001.

A. Binaries of the Examples

This section contains the binaries of the examples shown in the rest of the document. The binaries are stored in a modified Base64

format. There is a Perl program that, when run over the contents of this document, will extract the following binaries and write them out to disk. The program requires Perl.

A.1. How the Binaries and Extractor Works

The program in the next section looks for lines that begin with a ’|’

character (or some whitespace followed by a ’|’), ignoring all other lines. If the line begins with ’|’, the second character tells what kind of line it is:

A line that begins with |* is a comment

A line that begins with |> gives the name of a new file to start A line that begins with |< tells to end the file (and checks the file name for sanity)

A line that begins with |anythingelse is a Base64 line

The program writes out a series of files, so you should run this in an empty directory. The program will overwrite files (if it can), but won’t delete other files already in the directory.

Run this program with this document as the standard input, such as:

./extractsample.pl <draft-ietf-smime-examples

If you want to extract without the program, copy all the lines

between the "|>" and "|<" markers, remove any page breaks, and remove the "|" in the first column of each line. The result is a valid Base64 blob that can be processed by any Base64 decoder.

A.2. Example Extraction Program

#!/usr/bin/perl

# CMS Samples extraction program. v 1.1

# Get all the input as an array of lines

@AllIn = (); while (<STDIN>) { push(@AllIn, $_) }

$Base64Chars = ’ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr’ . ’stuvwxyz0123456789+/=’;

$LineCount = 0; $CurrFile = ’’;

foreach $Line (@AllIn) {

$LineCount++; # Keep the line counter for error messages $Line =˜ s/^\s*//; # Get rid of leading whitespace

chomp($Line); # Get rid of CR or CRLF at the end of the line if(substr($Line, 0, 1) ne ’|’) { next } # Not a special line elsif(substr($Line, 1, 1) eq ’*’) { next } # It is a comment elsif(substr($Line, 1, 1) eq ’>’)

{ &StartNewFile(substr($Line, 2)) } # Start a new file elsif(substr($Line, 1, 1) eq ’<’)

{ &EndCurrFile(substr($Line, 2)) } # End the current file else { &DoBase64(substr($Line, 1)) } # It is a line of Base64 }

sub StartNewFile {

$TheNewFile = shift(@_);

if($CurrFile ne ’’) { die "Was about to start a new file at " . "line $LineCount, but the old file, $CurrFile, was open\n" } open(OUT, ">$TheNewFile") or

die "Could not open $TheNewFile for writing: $!\n";

binmode(OUT); # This is needed for Windows, is a noop on Unix $CurrFile = $TheNewFile;

$LeftOver = 0; # Amount left from previous Base64 character $NextPos = 0; # Bit position to start the next Base64 character # (bits are numbered 01234567)

$OutString = ’’; # Holds the text going out to the file }

sub EndCurrFile {

$FileToEnd = shift(@_);

if($CurrFile ne $FileToEnd) { die "Was about to close " .

"$FileToEnd at line $LineCount, but that name didn’t match " . "the name of the currently open file, $CurrFile\n" }

print OUT $OutString;

close(OUT);

$CurrFile = ’’;

}

sub DoBase64 {

$TheIn = shift(@_);

if($CurrFile eq ’’) { die "Got some Base64 at line $LineCount, " . "but appear to not be writing to any particular file.\n" }

@Chars = split(//, $TheIn); # Make an array of the characters foreach $ThisChar (@Chars) {

# $ThisVal is the position in the string and the Base64 value $ThisVal = index($Base64Chars, $ThisChar);

if($ThisVal == -1) { die "At line $LineCount, found the " . "character $ThisChar, which is not a Base64 character\n" } if($ThisVal == 64) { last } # It is a "=", so we’re done if ($NextPos == 0 ) {

# Don’t output anything, just fill the left of $LeftOver $LeftOver = $ThisVal * 4;

$NextPos = 6;

} elsif ($NextPos == 2) {

# Add $ThisVal to $LeftOver, output, and reset $OutString .= chr($LeftOver + $ThisVal);

$LeftOver = 0;

$NextPos = 0;

} elsif ($NextPos == 4) {

# Add upper 4 bits of $ThisVal to $LeftOver and output $Upper4 = ($ThisVal & 60);

$OutString .= chr($LeftOver + ($Upper4/4));

$LeftOver = (($ThisVal - $Upper4) * 64);

$NextPos = 2;

} elsif ($NextPos == 6) {

# Add upper 2 bits of $ThisVal to $LeftOver and output $Upper2 = ($ThisVal & 48);

$OutString .= chr($LeftOver + ($Upper2/16));

$LeftOver = (($ThisVal - $Upper2) * 16);

$NextPos = 4;

} else { die "\$NextPos has an illegal value: $NextPos." } }

}

B. Examples in Order of Appearance From Section 2.1

***ExContent.bin***

|* Section 2.1

|>ExContent.bin

|VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg==

|<ExContent.bin From Section 2.2

***AlicePrivDSSSign.pri***

|* Example AlicePrivDSSSign.pri

|>AlicePrivDSSSign.pri

|MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAIGNze2D6gqeOT7CSCij5EeT3Q7XqA7sU8

|WrhAhP/5Thc0h+DNbzREjR/p+vpKGJL+HZMMg23j+bv7dM3F9piuR10DcMkQiVm96nXvn8

|9J8v3UOoi1TxP7AHCEdNXYjDw7Wz41UIddU5dhDEeL3/nbCElzfy5FEbteQJllzzflvbAh

|UA4kemGkVmuBPG2o+4NyErYov3k80CgYAmONAUiTKqOfs+bdlLWWpMdiM5BAI1XPLLGjDD

|HlBd3ZtZ4s2qBT1YwHuiNrhuB699ikIlp/R1z0oIXks+kPht6pzJIYo7dhTpzi5dowfNI4

|W4LzABfG1JiRGJNkS9+MiVSlNWteL5c+waYTYfEX/Cve3RUP+YdMLRgUpgObo2OQQXAhUA

|u0RG0aXJRgcu0P561pIH8JqFiT8=

|<AlicePrivDSSSign.pri

***AlicePrivRSASign.pri***

|* Example AlicePrivRSASign.pri

|>AlicePrivRSASign.pri

|MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOCJczmN2PX16Id2OX9OsA

|W7U4PeD7er3H3HdSkNBS5tEt+mhibU0m+qWCn8l+z6glEPMIC+sVCeRkTxLLvYMs/GaG8H

|2bBgrL7uNAlqE/X3BQWT3166NVbZYf8Zf8mB5vhs6odAcO+sbSx0ny36VTq5mXcCpkhSjE

|7zVzhXdFdfAgMBAAECgYAApAPDJ0d2NDRspoa1eUkBSy6K0shissfXSAlqi5H3NvJ11ujN

|FZBgJzFHNWRNlc1nY860n1asLzduHO4Ovygt9DmQbzTYbghb1WVq2EHzE9ctOV7+M8v/Ke

|QDCz0Foo+38Y6idjeweVfTLyvehwYifQRmXskbr4saw+yRRKt/IQJBAPbW4CIhTF8KcP8n

|/OWzUGqd5Q+1hZbGQPqoCrSbmwxVwgEd+TeCihTI8pMOks2lZiG5PNIGv7RVMcncrcqYLd

|ECQQDo3rARJQnSAlEB3oromFD1d3dhpEWTawhVlnNd9MhbEpMic4t/03B/9aSqu3T9PCJq

|2jiRKoZbbBTorkye+o4vAkEAl0zwh5sXf+4bgxsUtgtqkF+GJ1Hht6B/9eSI41m5+R6b0y

|l3OCJI1yKxJZi6PVlTt/oeILLIURYjdZNR56vN8QJALPAkW/qgzYUi6tBuT/pszSHTyOTx

|hERIZHPXKY9+RozsFd7kUbOU5yyZLVVleyTqo2IfPmxNZ0ERO+G+6YMCgwJAWIjZoVA4hG

|qrA7y730v0nG+4tCol+/bkBS9u4oiJIW9LJZ7Qq1CTyr9AcewhJcV/+wLpIZa4M83ixpXu

|b41fKA==

|<AlicePrivRSASign.pri

***BobPrivRSAEncrypt.pri***

|* Example BobPrivRSAEncrypt.pri

|>BobPrivRSAEncrypt.pri

|MIIChQIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKnhZ5g/OdVf8qCTQV6meY

|mFyDVdmpFb+x0B2hlwJhcPvaUi0DWFbXqYZhRBXM+3twg7CcmRuBlpN235ZR572akzJKN/

|O7uvRgGGNjQyywcDWVL8hYsxBLjMGAgUSOZPHPtdYMTgXB9T039T2GkB8QX4enDRvoPGXz

|jPHCyqaqfrAgMBAAECgYBnzUhMmg2PmMIbZf8ig5xt8KYGHbztpwOIlPIcaw+LNd4Ogngw

|y+e6alatd8brUXlweQqg9P5F4Kmy9Bnah5jWMIR05PxZbMHGd9ypkdB8MKCixQheIXFD/A

|0HPfD6bRSeTmPwF1h5HEuYHD09sBvf+iU7o8AsmAX2EAnYh9sDGQJBANDDIsbeopkYdo+N

|vKZ11mY/1I1FUox29XLE6/BGmvE+XKpVC5va3Wtt+Pw7PAhDk7Vb/s7q/WiEI2Kv8zHCue

|UCQQDQUfweIrdb7bWOAcjXq/JY1PeClPNTqBlFy2bKKBlf4hAr84/sajB0+E0R9KfEILVH

|IdxJAfkKICnwJAiEYH2PAkA0umTJSChXdNdVUN5qSO8bKlocSHseIVnDYDubl6nA7xhmqU

|5iUjiEzuUJiEiUacUgFJlaV/4jbOSnI3vQgLeFAkEAni+zN5r7CwZdV+EJBqRd2ZCWBgVf

|JAZAcpw6iIWchw+dYhKIFmioNRobQ+g4wJhprwMKSDIETukPj3d9NDAlBwJAVxhn1grSta

|vCunrnVNqcBU+B1O8BiR4yPWnLMcRSyFRVJQA7HCp8JlDV6abXd8vPFfXuC9WN7rOvTKF8

|Y0ZB9qANMAsGA1UdDzEEAwIAEA==

|<BobPrivRSAEncrypt.pri

***CarlPrivDSSSign.pri***

|* Example CarlPrivDSSSign.pri

|>CarlPrivDSSSign.pri

|MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBALZJGD6KRMEpcZRMAcQSwXp5y1RNqx6B+8

|ZMsw6UCQbrAdSxyHFLx0XAUCVdnPza5G3T4oZIhIJ9uhWVShb2Ru3d9pjSu36KCoq6Fnu5

|UAFIk4vrJRVRl1Xcj1MOEKlQ/HC3zTBU/dreqKoitaGvi8wCiOeLcF+5reEI1G0pLdbpAh

|UA3cEv31POCzRgdz4CpL+KXZi5ENUCgYAM7lebS73atgdqdDdPVX+d7bxhDetGWTxWCytb

|DJHOpWJSacrhbT69v/7ht7krYTyty65F4wasjCKdnESHC8fN8BzZtU5dc96vDskdWlH1T0

|R5NVpzqn9GUR+pQhacSOuKeWG01S9TIkRjH4a4o1gGJfgpwO+64HXwQsRjZVKbCgQWAhQZ

|szilIWIxUOV/uT4IRnjRPrXlcg==

|<CarlPrivDSSSign.pri

***CarlPrivRSASign.pri***

|* Example CarlPrivRSASign.pri

|>CarlPrivRSASign.pri

|MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAORL/xi4JFf0d/9uc3uTcV

|y8MxqSknIj2EFG0M0ROgSzjq+Cnb1RHhd68nYsK4Y5p73XjRpT7OQA1ejsojax7eJQ4jIJ

|ij+fmSWPuE6ruX3VlmXaFqDFvg6uRFvvXvSnKcuC3axE6aqTlCkO+BjWyFde8nbE8hFgOL

|kbPB2XyWrxAgMBAAECgYEArnPkW19bZlrJ18bvOF9TISovYv7eKZp6hmc2531ieHU9c6C8

|KQ7zj73Dycm2+LrWE5vDl3rKavC4hWVOD72nqPdUBkG969wgd5DfYZuab3Te6jvUnIdg7X

|aE8WowN9XgkBb4gEfDGWvtdXe6Su05tl0CRztfG8gcq8vo9SY/pIECQQD/3wmgVgtCUp7E

|TZOzsEm73ueBfSiZ0LFIugs54Rx7IhgztkD2v9yuHdChrQRxWmEKbjvOMNo2n2UlKbunDn

|8LAkEA5GloGF/5V9B8ZokPumMdcssgpIF2ZInNfdHCJ6kurHpWmoUH2TADowOrf4iSUCQB

|qhsHHyBMt8l7Vve2wn6rcwJAVzZsj4wEdmy21O4kRAD4gOKvQgGpDxSE+OcA4I+MJ6QtX6

|LlbbVjwK1E6XaRpxlJLkb4d4VLO4cE8K/S2FQmlQJAZKEPrFV0G70NYXsXA82w5qcZHYCv

|8UFI2Bq2iBSgLHrFdtQPDh96KrJuNwSrOUVzukaoD42CXyIUBc+io/N8gwJAJh4dHKGYK+

|TbOOhXbmtzGYhhOvp0SjaLR2hdUOsm4+p9m05lqa97q0sudlE9qNARq6PWqMAnNh1UC6qn

|0W2N+g==

|<CarlPrivRSASign.pri

***DianePrivDSSSign.pri***

|* Example DianePrivDSSSign.pri

|>DianePrivDSSSign.pri

Dans le document Abstract This document gives examples of message bodies formatted using S/MIME (Page 87-0)